var counter

var ImageBase

var jmp_oep

var OEP

var iat_start

var x

var y

var pf

var temp



mov counter,0

gmi eip,MODULEBASE

mov ImageBase,$RESULT

gmi eip,CODEBASE

mov x,$RESULT

gpa  "LoadLibraryA","kernel32.dll"

bp $RESULT

run

bc eip

rtu

mov  temp,eip

add temp,78

mov jmp_oep,temp

add temp,19

mov pf,temp



fill pf,4,90

add pf,1E

fill pf,3,90

bp pf

run

mov iat_start,esi

bc eip

bphws jmp_oep,"x"

run

bphwc jmp_oep

sti

cmt eip,"OEP"

mov OEP,eip



// Original by PE_Kill



sub OEP,ImageBase

sub iat_start,ImageBase

mov counter,ImageBase

add counter,3C

mov counter,[counter]

add counter,ImageBase

add counter,28

mov [counter],OEP

add counter,58

mov [counter],iat_start



eval "The file is completely unpacked! Dump it on a disk. Do not use ImpREC, import is already restored! OEP: {OEP}, IAT Start: {iat_start}"

msg $RESULT

ret



quit:

MSG "Not CrypToCrackPeProtector0.9.2"

ret